IP Address Change on PIX-to-PIX VPN

Posted on 2006-05-13
Medium Priority
Last Modified: 2013-11-16
I have an IP address that has been changed by Insight, causing the site-to-site VPN tunnel to quit functioning.  I have corrected this once, but have lost some of my notes.  I know that I issued a 'no crypto' command and a 'no isakmp' command followed by the same two commands (without the no) using the new IP address.

I remember issuing some command to show the current setup and then copying the existing crypto and isakmp commands from this output, but I can't remember the command that was issued to show this information.

Can anyone refresh my memory, or provide me with a sample set of commands for completing this task?

Question by:GeeWHIZLLC
LVL 20

Assisted Solution

calvinetter earned 1500 total points
ID: 16675163
  On the PIX whose IP has changed:
# clear any existing VPN connections
clear cry ips sa
clear cry isa sa

# remove the crypto map & disable isakmp
no crypto map my_map interface outside
no isakmp enable outside

# re-apply map & re-enable isakmp
crypto map my_map interface outside
isakmp enable outside
   On the remote PIX:
clear cry ips sa
clear cry isa sa
no crypto map my_map interface outside
no isakmp enable outside

# remove old isakmp peer, create new one
no isakmp key <some_key> address <old_IP>
isakmp key <some_key> address <new_IP>

crypto map my_map interface outside
isakmp enable outside

If either PIX is running buggy 6.3(1), reboot the unit.  Now start pinging from hosts behind either of the PIXes to the other internal LAN to re-establish the tunnel.  


Author Comment

ID: 16679447

Those are the commands I remember.  However, I can't remember what command I used to get a list of the current maps defined on the remote PIX.
LVL 20

Accepted Solution

calvinetter earned 1500 total points
ID: 16680086
 To show defined crypto maps:
sh cry map

  To show current VPN security associations:
( You can add the keyword "detail" at the end of each command below for more verbose output. )
sh cry ipsec sa
sh cry isakmp sa
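
The procedure described in the question (copy the existing crypto and isakmp lines from the displayed configuration, negate them, then re-enter them with the new address), as an added example that is not part of the original thread: a Python helper that scans saved PIX 6.x configuration text for lines naming the old peer and emits the command pairs. The sample configuration, the addresses and the function name are constructed for illustration; the pre-shared key is masked in displayed configuration, so it stays a placeholder the operator must supply.

```python
import re

# Constructed, abridged PIX 6.x configuration (documentation-range addresses).
SAMPLE_CONFIG = """\
crypto map my_map 10 ipsec-isakmp
crypto map my_map 10 match address 101
crypto map my_map 10 set peer 198.51.100.7
crypto map my_map 10 set transform-set myset
crypto map my_map 20 set peer 198.51.100.70
crypto map my_map interface outside
isakmp enable outside
isakmp key ******** address 198.51.100.7 netmask 255.255.255.255
isakmp key ******** address 198.51.100.70 netmask 255.255.255.255
"""


def peer_change_commands(config, old_ip, new_ip, key="<some_key>"):
    """Return the 'no' commands, then the re-add commands, for old_ip only."""
    ip = re.escape(old_ip)  # dots must match literally, not any character
    # Anchoring at end of line keeps 198.51.100.7 from matching 198.51.100.70.
    set_peer = re.compile(rf"^(crypto map \S+ \d+ set peer) {ip}$")
    isakmp_key = re.compile(rf"^isakmp key \S+ address {ip}( netmask \S+)?$")
    remove, add = [], []
    for line in (raw.strip() for raw in config.splitlines()):
        m = set_peer.match(line)
        if m:
            remove.append(f"no {line}")
            add.append(f"{m.group(1)} {new_ip}")
            continue
        m = isakmp_key.match(line)
        if m:
            # The displayed config masks the key, so the caller supplies it.
            mask = m.group(1) or ""
            remove.append(f"no isakmp key {key} address {old_ip}{mask}")
            add.append(f"isakmp key {key} address {new_ip}{mask}")
    return remove + add


if __name__ == "__main__":
    print("\n".join(peer_change_commands(SAMPLE_CONFIG, "198.51.100.7", "203.0.113.9")))
```

Review the generated lines before pasting them into the remote PIX; entries for other peers, such as the second tunnel in the sample, are left untouched.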
